# Copyright (c) 2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above
#       copyright notice, this list of conditions and the following
#       disclaimer in the documentation and/or other materials provided
#       with the distribution.
#     * Neither the name of The Linux Foundation nor the names of its
#       contributors may be used to endorse or promote products derived
#       from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# mlstrustedsubject is needed for access to /pro/pid of other apps.
type hal_perf_default, domain, mlstrustedsubject;
hal_server_domain_bypass(hal_perf_default, hal_perf)

type hal_perf_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_perf_default)

# Allow hwbinder call from hal client to server
binder_call(hal_perf_client, hal_perf_server)

# Add hwservice related rules
add_hwservice(hal_perf_server, hal_perf_hwservice)
allow hal_perf_client hal_perf_hwservice:hwservice_manager find;

allow hal_perf cgroup:file r_file_perms;
allow hal_perf_default proc:file rw_file_perms;
allow hal_perf device_latency:chr_file rw_file_perms;
allow hal_perf_default mpctl_data_file:dir rw_dir_perms;
allow hal_perf_default mpctl_data_file:file create_file_perms;
allow hal_perf_default lm_data_file:dir rw_dir_perms;
allow hal_perf_default lm_data_file:file create_file_perms;
allow hal_perf_default sysfs_lib:file w_file_perms;

# Allow perf HAL to set freq props
set_prop(hal_perf_default, freq_prop)

#Access to /proc/meminfo
allow hal_perf proc_meminfo:file r_file_perms;

#Access to /proc/pid of other apps
r_dir_file(hal_perf, appdomain);
dontaudit hal_perf domain:dir r_dir_perms;
allow hal_perf appdomain:process sigkill;
allow hal_perf_default self:capability {dac_override sys_resource kill};

#Acess to kgsl memory /sys/class/kgsl/kgsl/proc/<pid>/kernel &
#Acess to ion  memory /sys/class/kgsl/kgsl/proc/<pid>/ion
allow hal_perf sysfs_kgsl_proc:dir r_dir_perms;
allow hal_perf sysfs_kgsl_proc:file r_file_perms;

allow hal_perf {
    sysfs_devices_system_cpu
    sysfs_mpdecision
    cpuctl_device
    sysfs_devfreq
    sysfs_mmc_host
    sysfs_scsi_host
    sysfs_kgsl
    sysfs_cpu_boost
    sysfs_msm_perf
    sysfs_memory
    sysfs_graphics
    sysfs
    sysfs_msm_power
    sysfs_battery_supply
    sysfs_process_reclaim
}:dir r_dir_perms;

allow hal_perf {
    sysfs_devices_system_cpu
    sysfs_mpdecision
    cpuctl_device
    sysfs_kgsl
    sysfs_cpu_boost
    sysfs_msm_perf
    sysfs_memory
    sysfs_graphics
    sysfs_scsi_host
    sysfs_devfreq
    sysfs_mmc_host
    sysfs_msm_power
    sysfs_battery_supply
    sysfs_process_reclaim
}:file rw_file_perms;

allow hal_perf {
    sysfs_devfreq
    sysfs_mmc_host
    sysfs_scsi_host
    sysfs_kgsl
}:lnk_file r_file_perms;